On Fri, Feb 10, 2006 at 08:59:49PM +0100, Frans Pop wrote: > Allow me to wonder a bit about the way the last two kernel uploads were > handled. > > - 2.6.15-5 was pushed because it solved a remote security issue > (CVE-2006-0454), however it was uploaded with urgency LOW > - next day, 2.6.15-6 that has a new upstream release is uploaded > > Wouldn't it have made more sense to upload 2.6.15-5 with urgency HIGH and > wait for that to reach testing before uploading a new upstream release?
Well, and let one vulnerable remote security update open for a day more, this is not acceptable. Even if only one user gets compromised because of this, then it is enough to warrant the upload. And i mean, apart from d-i .udebs builds (but i was told not to rant about this :), it really is not all that much of a bother to do even daily uploads if they are needed. Also, there will be a 2.6.15-7 soon :) Friendly, Sven Luther -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
